Merge pull request #223 from blacklanternsecurity/dev #145
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python Tests | |
| on: | |
| push: | |
| branches: | |
| - stable | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Rust toolchain | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| - name: Install dependencies | |
| run: | | |
| uv sync | |
| - name: Build Python bindings | |
| run: | | |
| uv run maturin develop --release | |
| - name: Run Python tests | |
| run: | | |
| uv run pytest test_cloudcheck.py -v | |
| publish: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.x" | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Build PyPi package | |
| run: uv run maturin build --release --out dist | |
| - name: Publish PyPi package | |
| # TODO: Remove || true | |
| run: uv run maturin publish --username __token__ --password ${{ secrets.PYPI_TOKEN }} || true | |
| linux: | |
| runs-on: ${{ matrix.platform.runner }} | |
| needs: publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| strategy: | |
| matrix: | |
| platform: | |
| - runner: ubuntu-22.04 | |
| target: x86_64 | |
| - runner: ubuntu-22.04 | |
| target: x86 | |
| - runner: ubuntu-22.04 | |
| target: aarch64 | |
| - runner: ubuntu-22.04 | |
| target: armv7 | |
| # get rekt ibm | |
| # - runner: ubuntu-22.04 | |
| # target: s390x | |
| - runner: ubuntu-22.04 | |
| target: ppc64le | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| - name: Build wheels | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.platform.target }} | |
| args: --release --out dist --find-interpreter | |
| sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| manylinux: auto | |
| before-script-linux: | | |
| if command -v apt-get >/dev/null 2>&1; then | |
| # Debian-based | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config libssl-dev perl make gcc g++ binutils | |
| elif command -v yum >/dev/null 2>&1; then | |
| # CentOS-based | |
| yum update -y | |
| yum install -y openssl openssl-devel perl perl-core make gcc gcc-c++ binutils | |
| else | |
| echo "Error: Neither apt-get nor yum found" | |
| exit 1 | |
| fi | |
| - name: Upload wheels | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: wheels-linux-${{ matrix.platform.target }} | |
| path: dist | |
| musllinux: | |
| runs-on: ${{ matrix.platform.runner }} | |
| needs: publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| strategy: | |
| matrix: | |
| platform: | |
| - runner: ubuntu-22.04 | |
| target: x86_64 | |
| - runner: ubuntu-22.04 | |
| target: x86 | |
| - runner: ubuntu-22.04 | |
| target: aarch64 | |
| - runner: ubuntu-22.04 | |
| target: armv7 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| - name: Build wheels | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.platform.target }} | |
| args: --release --out dist --find-interpreter | |
| sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| manylinux: musllinux_1_2 | |
| before-script-linux: | | |
| if command -v apt-get >/dev/null 2>&1; then | |
| # Debian-based | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config libssl-dev | |
| elif command -v yum >/dev/null 2>&1; then | |
| # CentOS-based | |
| yum update -y | |
| yum install -y openssl openssl-devel | |
| else | |
| echo "Error: Neither apt-get nor yum found" | |
| exit 1 | |
| fi | |
| - name: Upload wheels | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: wheels-musllinux-${{ matrix.platform.target }} | |
| path: dist | |
| windows: | |
| runs-on: ${{ matrix.platform.runner }} | |
| needs: publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| strategy: | |
| matrix: | |
| platform: | |
| - runner: windows-latest | |
| target: x64 | |
| - runner: windows-latest | |
| target: x86 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| architecture: ${{ matrix.platform.target }} | |
| - name: Build wheels | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.platform.target }} | |
| args: --release --out dist --find-interpreter | |
| sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| - name: Upload wheels | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: wheels-windows-${{ matrix.platform.target }} | |
| path: dist | |
| macos: | |
| runs-on: ${{ matrix.platform.runner }} | |
| needs: publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| strategy: | |
| matrix: | |
| platform: | |
| - runner: macos-15-intel | |
| target: x86_64 | |
| - runner: macos-latest | |
| target: aarch64 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: 3.x | |
| - name: Build wheels | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| target: ${{ matrix.platform.target }} | |
| args: --release --out dist --find-interpreter | |
| sccache: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
| - name: Upload wheels | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: wheels-macos-${{ matrix.platform.target }} | |
| path: dist | |
| sdist: | |
| runs-on: ubuntu-latest | |
| needs: publish | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Build sdist | |
| uses: PyO3/maturin-action@v1 | |
| with: | |
| command: sdist | |
| args: --out dist | |
| - name: Upload sdist | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: wheels-sdist | |
| path: dist | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| needs: [linux, musllinux, windows, macos, sdist] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| permissions: | |
| # Use to sign the release artifacts | |
| id-token: write | |
| # Used to upload release artifacts | |
| contents: write | |
| # Used to generate artifact attestation | |
| attestations: write | |
| steps: | |
| - uses: actions/download-artifact@v7 | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: 'wheels-*/*' | |
| - name: Publish to PyPI | |
| uses: PyO3/maturin-action@v1 | |
| env: | |
| MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} | |
| with: | |
| command: upload | |
| args: --non-interactive --skip-existing wheels-*/* |